Of all the changes wrought by the internet and social media, the technology that allows companies, governments and individuals to track people’s digital footprints is among the most promising and the most perilous.

From a business perspective, it’s promising, because now it’s easier than ever for companies to employ tracking technologies (cookies, device identifiers, clickmaps, etc.) to better understand and meet their customers’ wants and needs. As a business leader, you know “data is the new oil” and that success in your organization will depend on having a “360-degree view” of your customers’ interactions with your enterprise. Today, most of the technology to give you these customer insights is available off the shelf.

But it’s perilous as well, because your customers know those same technologies can be used for a variety of nefarious purposes. They equate this capability with Facebook’s unauthorized sharing of their personal information, the threat of identity theft, or with Google’s recent effort to help the Chinese government tie citizens’ search activity to their phone numbers. Toss in the possibility of running afoul of the plethora of new data privacy rules (more on that below), and you could harm your brand by appearing to be unscrupulous in the use of your customers’ behavioral data.

This paradox of promise and peril can inhibit organizations from making the kinds of innovation investments that might be critical to growth. At the same time, it can prohibit customers who suspect of your motives from sharing data and reaping the full rewards of a digitally enhanced customer experience. We all hope to follow Google’s recently revised motto in its code of conduct: “Don’t be evil.” But ask yourself: Do your users know the true extent to which your organization tracks their activity on your digital platforms?

If the answer is no, you have some explaining to do. Here are a few pointers for how you can move ahead and employ user-tracking technologies, while retaining the trust of your users.

Transparency

Don’t just slap an annoying “this site uses cookies” splash page on your site and think you’ve done what you need to do to comply with GDPR rules (you haven’t). Also, it’s not just GDPR anymore: Now you also need to worry about the coming CCPA (California Consumer Privacy Act) rules, enacted last summer in response to the Cambridge Analytica scandal.

When the CCPA goes into effect on January 1, 2020, it will become the most comprehensive data privacy law in the United States. And like Europe’s GDPR, it will provide certain rights to consumers, including the “Right to Know,” “Right to Access,” “Right to Opt-Out” and “Right to Deletion.”

The law also greatly expands the definition of personal information and requires companies to allow consumers to opt out of data sharing to third parties on their websites. Penalties will be stiff ($7,500 per violation, with a private right of action).

Meeting or exceeding these standards sooner rather than later would be a great way to boost trust levels with your users. Also, write your privacy policy clearly, in plain English. That alone would set you apart. The International Association of Privacy Professionals (IAPP) advises you publish a brief, clear Transparency Policy that links to the more legalese-laden privacy policy.

Personalization as a force for good

Many of us are still a little creeped out when we see a display advertisement on one website touting an item we were just shopping for on another site. Using personalization technology to deliver micro-targeted advertising and messaging is becoming commonplace, however, and I suspect we’ll all become accustomed to the practice. Ideally, your users should be informed if you display “programmatic” or targeted advertisements on your website — or, if you’re an e-commerce retailer, whether you hand off tracking information for your ads to appear to the user on other websites they visit.

But here’s a thought: Use that same technology not just to deliver advertising or marketing messages, but also to deliver micro-targeted content, services and experiences to your site visitors. Many content management systems, including HubSpot, Sitecore, Kentico and Adobe, have integrated marketing automation capabilities that can be used for more than ads. Think of your site as a collection of separate journeys for each type of user (persona), and — using these platforms’ ability to award points for each page visited — establish “engagement scores” to determine what each user is looking for. Knowing what journey each user is on will allow you to personalize the types of content they see the next time they visit.

Using tracking technologies in this way can turn it into a virtue. You can explain in your data transparency statement how tracking customers’ click history will allow you to provide them with more personalized, relevant and valuable information and services.

Bottom line: Don’t let the data privacy headlines and headaches of the technology giants dissuade you from innovating through personalization and user-tracking technologies. By focusing on transparency in data gathering, including making it easy to opt out, and using these technologies not just to sell stuff but to meet user needs, you’ll stay ahead of regulators –and the competition.